This IP address has been reported a total of
286
times from
131 distinct
sources.
3.239.1.167 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
[Thu Apr 02 08:30:16.549678 2026] [access_compat:error] [pid 2148880:tid 2148880] [client 3.239.1.16 ...
show more[Thu Apr 02 08:30:16.549678 2026] [access_compat:error] [pid 2148880:tid 2148880] [client 3.239.1.167:46084] AH01797: client denied by server configuration: /var/www/html/anthropic
[Thu Apr 02 08:30:16.643337 2026] [access_compat:error] [pid 2148880:tid 2148880] [client 3.239.1.167:46084] AH01797: client denied by server configuration: /var/www/html/anthropic
[Thu Apr 02 08:30:16.737960 2026] [access_compat:error] [pid 2148880:tid 2148880] [client 3.239.1.167:46084] AH01797: client denied by server configuration: /var/www/html/anthropic
...
show less
Bad Web Bot
Web App Attack
Anonymous
[Thu Apr 02 08:29:56.595813 2026] [authz_core:error] [pid 12821] [client 3.239.1.167:41580] AH01630: ...
show more[Thu Apr 02 08:29:56.595813 2026] [authz_core:error] [pid 12821] [client 3.239.1.167:41580] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Thu Apr 02 08:29:56.693580 2026] [authz_core:error] [pid 12821] [client 3.239.1.167:41580] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Thu Apr 02 08:29:56.791353 2026] [authz_core:error] [pid 12821] [client 3.239.1.167:41580] AH01630: client denied by server configuration: /etc/httpd/htdocs
...
show less
Detected via HAProxyScanner at 2026-04-02 06:26:01 UTC on destination port WEB (80/443). Repeated sc ...
show moreDetected via HAProxyScanner at 2026-04-02 06:26:01 UTC on destination port WEB (80/443). Repeated scan / connection.
show less
Attempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" ...
show moreAttempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" resources improperly exposed externally and "protected" only by a lack of external DNS resolution.
3.239.1.167 - - [02/Apr/2026:06:23:45 +0000] "GET /anthropic/v1/models HTTP/1.1" 403 153 "-" "silver.inc/3.0" "-"
show less
[Honeypot] Malicious activity detected by honeypot on port 80. IP attempted unauthorized access to d ...
show more[Honeypot] Malicious activity detected by honeypot on port 80. IP attempted unauthorized access to decoy service. Original message: Web honeypot: 8 malicious requests. Attack types: generic_scan. Sample: GET /anthropic/v1/models HTTP/1.1. Attempted credentials captured.
show less
Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrp ...
show moreFail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrpc_attack, wp-login brute force, excessive crawling/scraping
show less